Wednesday, 16 November 2011
Top IT Security Tools for Web Developers to Make Their Websites and Web Applications Secure
Most attacks on a website or web application can be prevented if the web developer exercises some caution during and after application development. A study reveals that 70% of websites have vulnerabilities that can lead to theft of valuable data or defacement. Some of the threats a web application might face are: 1) cross-site scripting, 2) SQL injection, 3) command injection, 4) cookie poisoning, 5) directory traversal or forceful browsing, 6) authentication hijacking, 7) zero-day attack, 8) platform exploit, 9) log tampering, etc. But most of these attacks can be prevented by some countermeasures. In this post I will discuss how to detect the common web vulnerabilities of your website, after you have developed it, using some easy-to-use tools. Knowing these vulnerabilities will help you learn more about their remedies.
1) Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner is a tool designed to discover security holes in your web applications. It looks for multiple vulnerabilities, including SQL injection, cross-site scripting, and weak passwords. The application can be used to scan for web and application vulnerabilities and to perform penetration testing against the identified issues. Mitigation suggestions are then provided for each weakness and can be used to increase the security of the web server or application being tested. It is easy to use, and a free edition is also available.
Download link http://www.acunetix.com/
2) AppScan
AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. AppScan scans for many common vulnerabilities, such as cross-site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. AppScan was merged into IBM's Rational division after IBM purchased its original developer (Watchfire) in 2007.
Download link http://www.ibm.com/developerworks/downloads/r/appscan/
3) DirBuster
DirBuster searches for hidden pages and directories on a web server. Sometimes developers leave a page accessible but unlinked; DirBuster is meant to find these potential vulnerabilities. This is a Java application developed by OWASP.
4) CookieDigger
CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing cookies issued by a web application for multiple users. The tool reports on the predictability and entropy of the cookie and whether critical information, such as user name and password, is included in the cookie values.
Download link http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/cookiedigger.aspx
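The kind of analysis CookieDigger is described as performing, sketched as an added Python example (not CookieDigger's code and not from the original post): it takes cookies issued to several test accounts and reports positions that never change, counter-like tails, and credentials recoverable from the value. The account names, passwords, both cookie schemes and all function names are constructed for illustration.

```python
import base64, math, re
from collections import Counter
from urllib.parse import unquote

def position_entropy(values):
    """Shannon entropy (bits) of the characters seen at each cookie position."""
    n = len(values)
    return [-sum(c / n * math.log2(c / n)
                 for c in Counter(v[i:i + 1] for v in values).values())
            for i in range(max(map(len, values)))]

def decoded_views(value):
    """The URL-decoded cookie plus Base64 and hex decodings of its tokens."""
    raw = unquote(value)
    views = {raw}
    for token in re.split(r"[-.|:&;]", raw):
        for decode in (lambda t: base64.b64decode(t + "=" * (-len(t) % 4)),
                       bytes.fromhex):
            try:
                views.add(decode(token).decode("latin-1"))
            except ValueError:  # token is not valid in this encoding
                pass
    return views

def analyse(samples):
    """samples: (username, password, cookie) per test account, in issue order."""
    bits = position_entropy([c for _, _, c in samples])
    # Predictability check: numeric tails that advance by one constant step.
    tails = [re.search(r"\d+$", c) for _, _, c in samples]
    steps = ({int(b[0]) - int(a[0]) for a, b in zip(tails, tails[1:])}
             if all(tails) else set())
    leaks = sorted({(user, field) for user, pw, c in samples
                    for field, secret in (("username", user), ("password", pw))
                    if any(secret in view for view in decoded_views(c))})
    return {"static_positions": bits.count(0), "varying_bits": round(sum(bits), 2),
            "sequential": len(steps) == 1, "leaks": leaks}

# Constructed test accounts and cookies, not taken from any real application.
ACCOUNTS = [("alice", "hunter2"), ("bob", "letmein!"),
            ("carol", "s3cr3tpw"), ("dave", "qwerty12")]
# Weak scheme: Base64 of "user:password" followed by a login counter.
WEAK = [(u, p, base64.b64encode(f"{u}:{p}".encode()).decode() + f".{1000 + i}")
        for i, (u, p) in enumerate(ACCOUNTS)]
# Better scheme: an opaque random token with no user data in it.
TOKENS = ["9f3c7a1e5b08d2c6", "04e8b15d92f7a36b",
          "c1a7603f8e4d5b9a", "7db2e94c06a1f83d"]
STRONG = [(u, p, t) for (u, p), t in zip(ACCOUNTS, TOKENS)]

for name, data in (("weak", WEAK), ("strong", STRONG)):
    print(name, analyse(data))
```

With n sampled cookies, `varying_bits` can show at most log2(n) bits per position, so it is a lower-bound indicator that only becomes meaningful with many samples.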
5) dotDefender
dotDefender is a web application security solution (a Web Application Firewall, or WAF) that offers strong, proactive security for your websites and web applications. It blocks attacks that manifest in HTTP request logic, such as SQL injection, proxy takeover, header tampering, etc., and other known attacks.
By- Sourav
1 Responses to “Top It security Tools For web developers to Make their websites and web applications secure”
21 November 2013 at 22:47
Hey interesting article thanks for share
Website Design Company in Bangalore